On 12/8/20 7:46 AM, Matt Caswell wrote:
>
>
> On 08/12/2020 15:28, Oren Shpigel wrote:
>> Hi, thanks for the answer.
>>
>> I know wireshark and ssldump have this capability, but I'm looking for a
>> way to do it in my own software in C++, (using OpenSSL, if possible, but
>> open to other suggestions as well).
>
> Unfortunately OpenSSL does not support this capability. It obviously
> supports all the required low-level crypto primitives to do it - but you
> would have to put them together yourself, as well as do all the packet
> parsing, etc. This would be ... difficult. :-)

You could use a memory BIO or the like to feed the reconstructed data stream
into to handle the TLS bits though?  You are still stuck with writing your
own TCP stack (effectively)?  I think openvpn does something like this when
I looked (it used memory BIOs to and then manually read/wrote their contents
on its tunnel socket).

-- 
John Baldwin
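
The record-layer part of the "packet parsing" discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: a framer that takes in-order bytes of one direction of an already reassembled TCP stream and cuts them into TLS records, including records split across segments. The names `tls_framer`, `tls_framer_feed`, `sum_cb` and `demo` are hypothetical, the sample bytes are constructed, and TCP reassembly and decryption are out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_HDR_LEN  5
#define TLS_MAX_BODY (16384 + 2048)  /* TLS 1.2 ciphertext limit, RFC 5246 */
/* Hypothetical framer: holds one partially received record. */
typedef struct { uint8_t buf[TLS_HDR_LEN + TLS_MAX_BODY]; size_t have; } tls_framer;
typedef void (*record_cb)(uint8_t type, const uint8_t *body, size_t len, void *arg);

static size_t body_len(const tls_framer *f) { return ((size_t)f->buf[3] << 8) | f->buf[4]; }

/* Feed in-order bytes from one direction of the reassembled stream.
 * Returns the number of complete records passed to cb, or -1 if the
 * header cannot be TLS (the caller should stop tracking the flow). */
int tls_framer_feed(tls_framer *f, const uint8_t *p, size_t n, record_cb cb, void *arg)
{
    int emitted = 0;
    while (n > 0) {
        size_t want = TLS_HDR_LEN + (f->have >= TLS_HDR_LEN ? body_len(f) : 0);
        size_t take = want - f->have < n ? want - f->have : n;
        memcpy(f->buf + f->have, p, take);
        f->have += take; p += take; n -= take;
        if (f->have < TLS_HDR_LEN) break;        /* header still incomplete */
        if (f->have == TLS_HDR_LEN &&            /* header just completed: validate */
            (f->buf[0] < 20 || f->buf[0] > 24 || f->buf[1] != 3 || body_len(f) > TLS_MAX_BODY)) {
            f->have = 0; return -1;
        }
        if (f->have == TLS_HDR_LEN + body_len(f)) {   /* record complete */
            cb(f->buf[0], f->buf + TLS_HDR_LEN, body_len(f), arg);
            f->have = 0; emitted++;
        }
    }
    return emitted;
}

/* Constructed sample: a 2-byte alert record, then a 3-byte application-data record. */
static const uint8_t sample[] = { 21,3,3,0,2, 0xAA,0xBB,  23,3,3,0,3, 1,2,3 };
static void sum_cb(uint8_t t, const uint8_t *b, size_t len, void *arg) { (void)t; (void)b; *(size_t *)arg += len; }

/* Feed the sample in chunk-byte pieces, as segmentation might deliver it. */
int demo(size_t chunk, size_t *body_bytes)
{
    static tls_framer f; int total = 0; f.have = 0;
    for (size_t off = 0; chunk && off < sizeof sample; off += chunk) {
        size_t n = sizeof sample - off < chunk ? sizeof sample - off : chunk;
        int r = tls_framer_feed(&f, sample + off, n, sum_cb, body_bytes);
        if (r < 0) return -1;
        total += r;
    }
    return total;
}
```

The record bodies handed to the callback are still ciphertext once the handshake has switched keys; turning them into plaintext is the part the thread describes as assembling the crypto primitives yourself.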